diff options
author | Nalin Dahyabhai <nalin@fedoraproject.org> | 2010-01-12 19:24:13 +0000 |
---|---|---|
committer | Nalin Dahyabhai <nalin@fedoraproject.org> | 2010-01-12 19:24:13 +0000 |
commit | 99e5450a1d506fe1f28175a78f84093005c5d39b (patch) | |
tree | 1cea1cb586a9a2e559ea5498352119f54ed7f8c5 | |
parent | b24fce1670f52c388f8bd4d83744ea6e19588894 (diff) | |
download | krb5-99e5450a1d506fe1f28175a78f84093005c5d39b.tar.gz krb5-99e5450a1d506fe1f28175a78f84093005c5d39b.tar.xz krb5-99e5450a1d506fe1f28175a78f84093005c5d39b.zip |
- add upstream patches for KDC crash during AES and RC4 decryption
(CVE-2009-4212), via Tom Yu (#545015)
-rw-r--r-- | 2009-004-patch_1.6.3.txt | 268 | ||||
-rw-r--r-- | krb5.spec | 8 |
2 files changed, 275 insertions, 1 deletions
diff --git a/2009-004-patch_1.6.3.txt b/2009-004-patch_1.6.3.txt new file mode 100644 index 0000000..7ed2e99 --- /dev/null +++ b/2009-004-patch_1.6.3.txt @@ -0,0 +1,268 @@ +Index: src/lib/crypto/Makefile.in +=================================================================== +--- src/lib/crypto/Makefile.in (revision 23398) ++++ src/lib/crypto/Makefile.in (working copy) +@@ -22,6 +22,7 @@ + $(srcdir)/t_hmac.c \ + $(srcdir)/t_pkcs5.c \ + $(srcdir)/t_cts.c \ ++ $(srcdir)/t_short.c \ + $(srcdir)/vectors.c + + ##DOSBUILDTOP = ..\.. +@@ -184,12 +185,13 @@ + + clean-unix:: clean-liblinks clean-libs clean-libobjs + +-check-unix:: t_nfold t_encrypt t_prf t_prng t_hmac t_pkcs5 ++check-unix:: t_nfold t_encrypt t_prf t_prng t_hmac t_pkcs5 t_short + $(RUN_SETUP) $(VALGRIND) ./t_nfold + $(RUN_SETUP) $(VALGRIND) ./t_encrypt + $(RUN_SETUP) $(VALGRIND) ./t_prng <$(srcdir)/t_prng.seed >t_prng.output && \ + diff t_prng.output $(srcdir)/t_prng.expected + $(RUN_SETUP) $(VALGRIND) ./t_hmac ++ $(RUN_SETUP) $(VALGRIND) ./t_short + + # $(RUN_SETUP) $(VALGRIND) ./t_pkcs5 + +@@ -218,10 +220,14 @@ + $(CC_LINK) -o $@ t_cts.$(OBJEXT) \ + $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) + ++t_short$(EXEEXT): t_short.$(OBJEXT) $(CRYPTO_DEPLIB) $(SUPPORT_DEPLIB) ++ $(CC_LINK) -o $@ t_short.$(OBJEXT) \ ++ $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) + + clean:: + $(RM) t_nfold.o t_nfold t_encrypt t_encrypt.o t_prng.o t_prng \ +- t_hmac.o t_hmac t_pkcs5.o t_pkcs5 pbkdf2.o t_prf t_prf.o ++ t_hmac.o t_hmac t_pkcs5.o t_pkcs5 pbkdf2.o t_prf t_prf.o \ ++ t_short t_short.o + -$(RM) t_prng.output + + all-windows:: +@@ -761,6 +767,15 @@ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/hash_provider/hash_provider.h t_cts.c ++t_short.so t_short.po $(OUTPRE)t_short.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ ++ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ ++ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ ++ $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ ++ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ ++ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ ++ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ ++ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ ++ t_short.c + vectors.so vectors.po $(OUTPRE)vectors.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ +Index: src/lib/crypto/arcfour/arcfour.c +=================================================================== +--- src/lib/crypto/arcfour/arcfour.c (revision 23398) ++++ src/lib/crypto/arcfour/arcfour.c (working copy) +@@ -203,6 +203,12 @@ + keylength = enc->keylength; + hashsize = hash->hashsize; + ++ /* Verify input and output lengths. */ ++ if (input->length < hashsize + CONFOUNDERLENGTH) ++ return KRB5_BAD_MSIZE; ++ if (output->length < input->length - hashsize - CONFOUNDERLENGTH) ++ return KRB5_BAD_MSIZE; ++ + d1.length=keybytes; + d1.data=malloc(d1.length); + if (d1.data == NULL) +Index: src/lib/crypto/enc_provider/aes.c +=================================================================== +--- src/lib/crypto/enc_provider/aes.c (revision 23398) ++++ src/lib/crypto/enc_provider/aes.c (working copy) +@@ -94,9 +94,11 @@ + nblocks = (input->length + BLOCK_SIZE - 1) / BLOCK_SIZE; + + if (nblocks == 1) { +- /* XXX Used for DK function. */ ++ /* Used when deriving keys. */ ++ if (input->length < BLOCK_SIZE) ++ return KRB5_BAD_MSIZE; + enc(output->data, input->data, &ctx); +- } else { ++ } else if (nblocks > 1) { + unsigned int nleft; + + for (blockno = 0; blockno < nblocks - 2; blockno++) { +@@ -149,9 +151,9 @@ + + if (nblocks == 1) { + if (input->length < BLOCK_SIZE) +- abort(); ++ return KRB5_BAD_MSIZE; + dec(output->data, input->data, &ctx); +- } else { ++ } else if (nblocks > 1) { + + for (blockno = 0; blockno < nblocks - 2; blockno++) { + dec(tmp2, input->data + blockno * BLOCK_SIZE, &ctx); +Index: src/lib/crypto/dk/dk_decrypt.c +=================================================================== +--- src/lib/crypto/dk/dk_decrypt.c (revision 23398) ++++ src/lib/crypto/dk/dk_decrypt.c (working copy) +@@ -89,6 +89,12 @@ + else if (hmacsize > hashsize) + return KRB5KRB_AP_ERR_BAD_INTEGRITY; + ++ /* Verify input and output lengths. */ ++ if (input->length < blocksize + hmacsize) ++ return KRB5_BAD_MSIZE; ++ if (output->length < input->length - blocksize - hmacsize) ++ return KRB5_BAD_MSIZE; ++ + enclen = input->length - hmacsize; + + if ((kedata = (unsigned char *) malloc(keylength)) == NULL) +Index: src/lib/crypto/raw/raw_decrypt.c +=================================================================== +--- src/lib/crypto/raw/raw_decrypt.c (revision 23398) ++++ src/lib/crypto/raw/raw_decrypt.c (working copy) +@@ -34,5 +34,7 @@ + const krb5_data *ivec, const krb5_data *input, + krb5_data *output) + { ++ if (output->length < input->length) ++ return KRB5_BAD_MSIZE; + return((*(enc->decrypt))(key, ivec, input, output)); + } +Index: src/lib/crypto/t_short.c +=================================================================== +--- src/lib/crypto/t_short.c (revision 0) ++++ src/lib/crypto/t_short.c (revision 0) +@@ -0,0 +1,112 @@ ++/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ ++/* ++ * lib/crypto/crypto_tests/t_short.c ++ * ++ * Copyright (C) 2009 by the Massachusetts Institute of Technology. ++ * All rights reserved. ++ * ++ * Export of this software from the United States of America may ++ * require a specific license from the United States Government. ++ * It is the responsibility of any person or organization contemplating ++ * export to obtain such a license before exporting. ++ * ++ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and ++ * distribute this software and its documentation for any purpose and ++ * without fee is hereby granted, provided that the above copyright ++ * notice appear in all copies and that both that copyright notice and ++ * this permission notice appear in supporting documentation, and that ++ * the name of M.I.T. not be used in advertising or publicity pertaining ++ * to distribution of the software without specific, written prior ++ * permission. Furthermore if you modify this software you must label ++ * your software as modified software and not distribute it in such a ++ * fashion that it might be confused with the original M.I.T. software. ++ * M.I.T. makes no representations about the suitability of ++ * this software for any purpose. It is provided "as is" without express ++ * or implied warranty. ++ * ++ * Tests the outcome of decrypting overly short tokens. This program can be ++ * run under a tool like valgrind to detect bad memory accesses; when run ++ * normally by the test suite, it verifies that each operation returns ++ * KRB5_BAD_MSIZE. ++ */ ++ ++#include "k5-int.h" ++ ++krb5_enctype interesting_enctypes[] = { ++ ENCTYPE_DES_CBC_CRC, ++ ENCTYPE_DES_CBC_MD4, ++ ENCTYPE_DES_CBC_MD5, ++ ENCTYPE_DES3_CBC_SHA1, ++ ENCTYPE_ARCFOUR_HMAC, ++ ENCTYPE_ARCFOUR_HMAC_EXP, ++ ENCTYPE_AES256_CTS_HMAC_SHA1_96, ++ ENCTYPE_AES128_CTS_HMAC_SHA1_96, ++ 0 ++}; ++ ++/* Abort if an operation unexpectedly fails. */ ++static void ++x(krb5_error_code code) ++{ ++ if (code != 0) ++ abort(); ++} ++ ++/* Abort if a decrypt operation doesn't have the expected result. */ ++static void ++check_decrypt_result(krb5_error_code code, size_t len, size_t min_len) ++{ ++ if (len < min_len) { ++ /* Undersized tokens should always result in BAD_MSIZE. */ ++ if (code != KRB5_BAD_MSIZE) ++ abort(); ++ } else { ++ /* Min-size tokens should succeed or fail the integrity check. */ ++ if (code != 0 && code != KRB5KRB_AP_ERR_BAD_INTEGRITY) ++ abort(); ++ } ++} ++ ++static void ++test_enctype(krb5_enctype enctype) ++{ ++ krb5_error_code ret; ++ krb5_keyblock keyblock; ++ krb5_enc_data input; ++ krb5_data output; ++ size_t min_len, len; ++ ++ printf("Testing enctype %d\n", (int) enctype); ++ x(krb5_c_encrypt_length(NULL, enctype, 0, &min_len)); ++ x(krb5_c_make_random_key(NULL, enctype, &keyblock)); ++ input.enctype = enctype; ++ ++ /* Try each length up to the minimum length. */ ++ for (len = 0; len <= min_len; len++) { ++ input.ciphertext.data = calloc(len, 1); ++ input.ciphertext.length = len; ++ output.data = calloc(len, 1); ++ output.length = len; ++ ++ /* Attempt a normal decryption. */ ++ ret = krb5_c_decrypt(NULL, &keyblock, 0, NULL, &input, &output); ++ check_decrypt_result(ret, len, min_len); ++ ++ free(input.ciphertext.data); ++ free(output.data); ++ } ++} ++ ++int ++main(int argc, char **argv) ++{ ++ int i; ++ krb5_data notrandom; ++ ++ notrandom.data = "notrandom"; ++ notrandom.length = 9; ++ krb5_c_random_seed(NULL, ¬random); ++ for (i = 0; interesting_enctypes[i]; i++) ++ test_enctype(interesting_enctypes[i]); ++ return 0; ++} +Index: src/lib/crypto/old/old_decrypt.c +=================================================================== +--- src/lib/crypto/old/old_decrypt.c (revision 23398) ++++ src/lib/crypto/old/old_decrypt.c (working copy) +@@ -45,8 +45,10 @@ + blocksize = enc->block_size; + hashsize = hash->hashsize; + ++ /* Verify input and output lengths. */ ++ if (input->length < blocksize + hashsize || input->length % blocksize != 0) ++ return(KRB5_BAD_MSIZE); + plainsize = input->length - blocksize - hashsize; +- + if (arg_output->length < plainsize) + return(KRB5_BAD_MSIZE); + @@ -16,7 +16,7 @@ Summary: The Kerberos network authentication system. Name: krb5 Version: 1.6.3 -Release: 22%{?dist} +Release: 23%{?dist} # Maybe we should explode from the now-available-to-everybody tarball instead? # http://web.mit.edu/kerberos/dist/krb5/1.6/krb5-1.6.2-signed.tar Source0: krb5-%{version}.tar.gz @@ -105,6 +105,7 @@ Patch80: krb5-trunk-preauth-master.patch Patch82: krb5-CVE-2009-0844-0845-2.patch Patch83: krb5-CVE-2009-0846.patch Patch84: krb5-CVE-2009-0847.patch +Patch85: http://web.mit.edu/kerberos/advisories/2009-004-patch_1.6.3.txt License: MIT URL: http://web.mit.edu/kerberos/www/ @@ -235,6 +236,10 @@ to obtain initial credentials from a KDC using a private key and a certificate. %changelog +* Tue Jan 12 2010 Nalin Dahyabhai <nalin@redhat.com> - 1.6.3-23 +- add upstream patch for KDC crash during AES and RC4 decryption + (CVE-2009-4212), via Tom Yu (#545015) + * Tue Jun 30 2009 Nalin Dahyabhai <nalin@redhat.com> - pam_rhosts_auth.so's been gone, use pam_rhosts.so instead @@ -1422,6 +1427,7 @@ popd %patch82 -p1 -b .CVE-2009-0844-0845-2 %patch83 -p1 -b .CVE-2009-0846 %patch84 -p1 -b .CVE-2009-0847 +%patch85 -p0 -b .2009-004 cp src/krb524/README README.krb524 gzip doc/*.ps |